** Description changed:
- heap-buffer-overflow on matio-1.5.28/src/mat.c:2462 Mat_VarPrint when we
- run ./fuzzers/matio_fuzzer ./crashes/poc.
-
- root@6:/fuzz# ./fuzzers/matio_fuzzer crashes/crash-104
- Reading 5045 bytes from crashes/crash-104
- -E- ossfuzz: InflateData: inflate returned data error
- Name: sp_diag
- Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
- Data Type: IEEE 754 double-precision
- Name: sp_diag
- Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
- Data Type: IEEE 754 double-precision
- {
- (1,1) 3.03865e-319
- (1,2) 3.16202e-322
- =================================================================
- ==7571==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000007598 at pc 0x5dcdd60ed578 bp 0x7fffca418920 sp 0x7fffca418918
- READ of size 4 at 0x602000007598 thread T0
- #0 0x5dcdd60ed577 in Mat_VarPrint /fuzz/matio/matio/src/mat.c:2462:69
- #1 0x5dcdd60d6bd9 in MatioRead(char const*) /fuzz/matio/matio/ossfuzz/./matio_wrap.h:48:9
- #2 0x5dcdd60d6ee0 in LLVMFuzzerTestOneInput /fuzz/matio/matio/ossfuzz/./matio_fuzzer.cpp:30:12
- #3 0x5dcdd60d7571 in ExecuteFilesOnyByOne /fuzz/tools/afl-build/utils/aflpp_driver/aflpp_driver.c:256:7
- #4 0x5dcdd60d79ec in LLVMFuzzerRunDriver /fuzz/tools/afl-build/utils/aflpp_driver/aflpp_driver.c:377:12
- #5 0x5dcdd60167e6 in main /fuzz/tools/afl-build/utils/aflpp_driver/aflpp_driver.c:312:10
- #6 0x7f8a86498d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
- #7 0x7f8a86498e3f in __libc_start_main csu/../csu/libc-start.c:392:3
- #8 0x5dcdd6016854 in _start (/fuzz/fuzzers/matio_fuzzer+0x44c854) (BuildId: 47398e734cfc645e953c20da47ea4b4044050bf5)
-
- 0x602000007599 is located 0 bytes to the right of 9-byte region [0x602000007590,0x602000007599)
- allocated by thread T0 here:
- #0 0x5dcdd6099888 in __interceptor_calloc (/fuzz/fuzzers/matio_fuzzer+0x4cf888) (BuildId: 47398e734cfc645e953c20da47ea4b4044050bf5)
- #1 0x5dcdd6111f45 in ReadSparse /fuzz/matio/matio/src/mat5.c:528:26
- #2 0x5dcdd610be59 in Mat_VarRead5 /fuzz/matio/matio/src/mat5.c:3391:26
- #3 0x5dcdd60d6baa in MatioRead(char const*) /fuzz/matio/matio/ossfuzz/./matio_wrap.h:43:9
- #4 0x5dcdd60d6ee0 in LLVMFuzzerTestOneInput /fuzz/matio/matio/ossfuzz/./matio_fuzzer.cpp:30:12
- #5 0x5dcdd60d7571 in ExecuteFilesOnyByOne /fuzz/tools/afl-build/utils/aflpp_driver/aflpp_driver.c:256:7
-
- SUMMARY: AddressSanitizer: heap-buffer-overflow /fuzz/matio/matio/src/mat.c:2462:69 in Mat_VarPrint
- ==7571==ABORTING
+ tset
** Summary changed:
- heap-buffer-overflow on matio-1.5.28/src/mat.c:2462:69 in Mat_VarPrint
+ test
** Attachment removed: "crash-104"
https://bugs.launchpad.net/ubuntu/+bug/2095070/+attachment/5852015/+files/crash-104
--
https://bugs.launchpad.net/bugs/2095070
Title:
test